Personal data and written consent
General information about the Personal Data Act
There are some main concepts in the Personal Data Act that can be useful for you to know.
Personal data means any information that is directly or indirectly attributable to a physical, living person.
The rules in the Personal Data Act regarding processing refers to any measure or series of measures taken in respect to personal data. It is a broad term that covers collecting, recording, storing, adapting, distributing, compiling, and more.
Personal data controller
The personal data controller is the officer who, alone or together with others, determines the purposes and means of the processing of personal data. You as an employee are never responsible for personal data, but rather the public authority or company – in this case, Lund University.
PUL contains rules on how personal data may be processed. To a large extent, the protection of personal integrity in PUL is based on the consent of and information to the registered persons. Under certain circumstances, the law allows that personal data may be processed without the consent of the persons concerned. The rules are stricter when it comes to sensitive personal data and personal identity numbers.
Among other things, PUL also includes provisions on the security of personal data and rectification of inaccurate information.
The vast majority of the provisions of PUL do not need to be applied when processing personal data from unstructured materials, such as running text. In such cases, the processing of personal data is permitted as long as it does not involve a violation of that person’s integrity.
On the following pages you will find more information about processing personal data in specific situations:
How Lund University will adapt to the forthcoming Data Protection Ordinance
On 25 May 2018, a new Data Protection Ordinance (DSF) will replace the Swedish Personal Data Act (PUL). The DSF (Dataskyddsförordningen) is the Swedish name for the EU General Data Protection Regulation (GDPR). The aim with GDPR is to strengthen the right to privacy and to adapt legislation on personal data management to the digital society. Another aim is to harmonise EU legislation in the field and thus facilitate the flow of information within the Union.
The new rules clarify and place higher demands on the University regarding personal data management. In order to facilitate adaption to the new legislation, the management at Lund University has initiated a project entitled "Personal data management within Lund University". You can read more about this in the Project plan: Personal data management within Lund University (in Swedish).
You can also find further information on The Swedish Data Protection Authority's website.
For questions about personal data – contact the personal data representative at Lund University:
+46 46 222 09 85
johanna [dot] alhem [at] legal [dot] lu [dot] se
+46 46 222 76 41
carl [dot] petersson [at] legal [dot] lu [dot] se